US County Pay $400,000 To Get Rid Of A Ransomware Infection

Officials in the USA (Jackson County, Georgia) paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems.

The ransomware hit the county’s internal network last week, on Friday, 1st March.

The infection forced most of the local government’s IT systems offline, with the exception of its website and 911 emergency system.

“Everything we have is down,” Sheriff Janis Mangum told StateScoop in an interview. “We are doing our bookings the way we used to do it before computers. We’re operating by paper in terms of reports and arrest bookings. We’ve continued to function. It’s just more difficult.”

Jackson County officials notified the FBI and hired a cyber-security consultant. The consultant negotiated with the ransomware operators, and earlier this week the Georgia county paid $400,000 to hackers to get a decryption key and re-gain access to their ransomed files.

County officials are in the process of decrypting affected computers and servers, Jackson County Manager Kevin Poe told Online Athens in an interview.

“We had to make a determination on whether to pay,” Poe said. “We could have literally been down months and months and spent as much or more money trying to get our system rebuilt.”

Poe identified the ransomware that infected the county’s network as “Ryunk” –which is most likely Ryuk, a well-known ransomware strain that is currently undecryptable.

The Ryuk gang is believed to be operating out of Eastern Europe and for the past year has focused on targeting local government, healthcare and large enterprise networks. They intentionally go after big targets as part of a tactic known as “big game hunting.”

Ryuk ransomware is usually deployed on networks following infections with Emotet or Trickbot malware. However, Jackson County officials have not yet confirmed how hackers breached their network.

Jackson County won’t be the victim who paid the largest ever ransom demand, though. This “honour” goes to South Korean web hosting firm Internet Nayana, which paid 1.3 billion won ($1.14 million) worth of bitcoins to a hacker following a ransomware attack in June 2017.

Jackson County Manager Kevin Poe also has a case when saying that the county would have spent more rebuilding its network than paying the hackers. Government officials in Atlanta, Georgia have ended up paying millions to rebuild their IT network following a similar ransomware attack in March 2018, a cost which ballooned from the initially estimated $2.6 million to around $17 million.